🚨 CVE-2025-10632
A security flaw has been discovered in itsourcecode Online Petshop Management System 1.0. The affected element is an unknown function of the file availableframe.php of the component Admin Dashboard. The manipulation of the argument name/address results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.
@cveNotify
GitHub
Online-Pet-Shop-Management-System_AdminDashboard_Stored-XSS-PoC/README.md at main · drew-byte/Online-Pet-Shop-Management-Syste…
🚨 CVE-2025-10634
A weakness has been identified in D-Link DIR-823X 240126/240802/250416. The impacted element is the function sub_412E7C of the file /usr/sbin/goahead of the component Environment Variable Handler. This manipulation of the argument terminal_addr/server_ip/server_port causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.
GitHub
D-Link/DIink-DIR-823x.md at main · Cpppq43/D-Link
🚨 CVE-2025-10642
A vulnerability has been found in wangchenyi1996 chat_forum up to 80bdb92f5b460d36cab36e530a2c618acef5afd2. This impacts an unknown function of the file /q.php. Such manipulation of the argument path leads to cross site scripting. The attack may be launched remotely. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases.
GitHub
chat_forum/q.php at master · wangchenyi1996/chat_forum
🚨 CVE-2025-8067
A flaw was found in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-BUS system. This is achieved via the loop device handler, which handles requests sent through the D-BUS interface. As two of the parameters of this handle, it receives the file descriptor list and index specifying the file where the loop device should be backed. The function itself validates the index value to ensure it isn't bigger than the maximum value allowed. However, it fails to validate the lower bound, allowing the index parameter to be a negative value. Under these circumstances, an attacker can cause the UDisks daemon to crash or perform a local privilege escalation by gaining access to files owned by privileged users.
🚨 CVE-2023-49564
The CBIS/NCS Manager API is vulnerable to an authentication bypass. By sending a specially crafted HTTP header, an unauthenticated user can gain unauthorized access to API functions. This flaw allows attackers to reach restricted or sensitive endpoints of the HTTP API without providing any valid credentials. The root cause of this vulnerability lies in a weak verification mechanism within the authentication implementation present in the Nginx Podman container on the CBIS/NCS Manager host machine.
The risk can be partially mitigated by restricting access to the management network using an external firewall.
Nokia.com
CVE-2023-49564 | Nokia.com
Security vulnerability advisories published by Nokia PSIRT
🚨 CVE-2023-49565
The cbis_manager Podman container is vulnerable to remote command execution via the /api/plugins endpoint. Improper sanitization of the HTTP headers X-FILENAME, X-PAGE, and X-FIELD allows for command injection. These headers are directly utilized within the subprocess.Popen Python function without adequate validation, enabling a remote attacker to execute arbitrary commands on the underlying system by crafting malicious header values within an HTTP request to the affected endpoint.
Because the web service executes with root privileges within the container environment, the demonstrated remote code execution permits an attacker to acquire elevated privileges for the command execution.
Restricting access to the management network with an external firewall can partially mitigate this risk.
Nokia.com
CVE-2023-49565 | Nokia.com
Security vulnerability advisories published by Nokia PSIRT
🚨 CVE-2025-5305
The Password Reset with Code for WordPress REST API WordPress plugin before 0.0.17 does not use cryptographically sound algorithms to generate OTP codes, potentially leading to account takeovers.
WPScan
Password Reset with Code < 0.0.17 - Insecure Password Reset Code Creation
🚨 CVE-2025-8942
The WP Hotel Booking WordPress plugin before 2.2.3 lacks proper server-side validation for review ratings, allowing an attacker to manipulate the rating value (e.g., sending negative or out-of-range values) by intercepting and modifying requests.
WPScan
WP Hotel Booking < 2.2.3 - Subscriber+ Rating Manipulation
🚨 CVE-2025-9083
The Ninja Forms WordPress plugin before 3.11.1 unserializes user input via a form field, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog.
WPScan
Ninja-forms < 3.11.1 - Unauthenticated PHP Object Injection
🚨 CVE-2024-39673
Vulnerability of serialisation/deserialisation mismatch in the iAware module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
🚨 CVE-2024-42032
Access permission verification vulnerability in the Contacts module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
🚨 CVE-2024-42033
Access control vulnerability in the security verification module
Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
🚨 CVE-2024-42035
Permission control vulnerability in the App Multiplier module
Impact: Successful exploitation of this vulnerability may affect functionality and confidentiality.
🚨 CVE-2024-42036
Access permission verification vulnerability in the Notepad module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
🚨 CVE-2024-42038
Vulnerability of PIN enhancement failures in the screen lock module
Impact: Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.
🚨 CVE-2025-8463
Authorization Bypass Through User-Controlled Key vulnerability in SecHard Information Technologies SecHard allows Parameter Injection. This issue affects SecHard: before 3.6.2-20250805.
🚨 CVE-2024-45776
When reading the language .mo file in grub_mofile_open(), grub2 fails to verify an integer overflow when allocating its internal buffer. A crafted .mo file may lead the buffer size calculation to overflow, leading to out-of-bound reads and writes. This flaw allows an attacker to leak sensitive data or overwrite critical data, possibly circumventing secure boot protections.
🚨 CVE-2024-45781
A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure boot protections.
🚨 CVE-2025-0622
A flaw was found in command/gpg. In some scenarios, hooks created by loaded modules are not removed when the related module is unloaded. This flaw allows an attacker to force grub2 to call the hooks once the module that registered it was unloaded, leading to a use-after-free vulnerability. If correctly exploited, this vulnerability may result in arbitrary code execution, eventually allowing the attacker to bypass secure boot protections.
🚨 CVE-2025-1118
A flaw was found in grub2. Grub's dump command is not blocked when grub is in lockdown mode, which allows the user to read any memory information, and an attacker may leverage this in order to extract signatures, salts, and other sensitive information from the memory.
🚨 CVE-2025-0677
A flaw was found in grub2. When performing a symlink lookup, grub's UFS module checks the inode's data size to allocate the internal buffer to read the file content. However, it fails to check whether the symlink data size has overflowed. When this occurs, grub_malloc() may be called with a smaller value than needed. When further reading the data from the disk into the buffer, the grub_ufs_lookup_symlink() function will write past the end of the allocated size. An attacker can leverage this by crafting a malicious filesystem, and as a result, it will corrupt data stored in the heap, allowing for arbitrary code execution used to bypass secure boot mechanisms.